Warning: Microsoft Patch Tuesday June 2022 patches 55 vulnerabilities (3 critical, 52 important)
Microsoft patched 55 CVEs in its June 2022 Patch Tuesday release, 3 rated as critical and 52 rated as important.
Number of CVEs per type
- Remote Code Execution: 27
- Elevation of Privilege: 12
- Denial of Service: 3
- Spoofing: 1
- Information Disclosure: 11
- Security Feature Bypass: 1
Remark: this Patch Tuesday contains the fix for CVE-2022-30190 (a.k.a. Follina), which threat actors are actively exploiting.
Sources
https://msrc.microsoft.com/update-guide/releaseNote/2022-Jun
Risks
This month's Patch Tuesday includes 3 critical and 52 important vulnerabilities across a wide range of Microsoft products, affecting both Windows servers and workstations.
Remark: the release contains the fix for CVE-2022-30190 (a.k.a. Follina). Threat actors are actively exploiting Follina against organisations, including US and EU government agencies.
The CCB recommends installing the updates to be fully protected against these vulnerabilities.
Description
CVE-2022-30190 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
This vulnerability allows an attacker who gets a user to open or preview a specially crafted document to execute arbitrary code with the privileges of the calling application, i.e. those of the current user. An attacker can chain other exploits to gain higher privileges. Opening the file is not required: previewing it (for example in the Windows Explorer preview pane) is sufficient, and the document contains no macros, so macro restrictions do not stop it.
This vulnerability is actively exploited in the wild to deliver malware ranging from ransomware and banking trojans to backdoors.
The CCB recommends prioritising testing and deploying this fix with high priority to be fully protected against the vulnerability. Systems that cannot be patched immediately can apply Microsoft's published interim workaround of removing the ms-msdt URL protocol handler registration (export HKEY_CLASSES_ROOT\ms-msdt as a backup before deleting it); once the June update is installed the workaround is no longer needed.
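The Follina document chain described above leaves two indicators that can be checked on the wire or at a mail gateway: the Office document carries an external OLE relationship that fetches a remote URL, and the fetched page hands off to the ms-msdt: protocol handler. The scanner below is an added example (not CCB or Microsoft code) that checks both; the .docx samples it runs on are constructed in memory and contain only the parts the scanner reads, and the example.invalid URL is a placeholder.

```python
# Added example (not CCB or Microsoft code): scan an Office Open XML document
# for the document-side indicators of CVE-2022-30190 (Follina).
# Assumptions: the document is supplied as bytes; the samples are constructed.
import io
import re
import zipfile
import xml.etree.ElementTree as ET

OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")
REL_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
MSDT_SCHEME = re.compile(r"ms-msdt:", re.IGNORECASE)
REMOTE_URL = re.compile(r"^https?://", re.IGNORECASE)


def scan_docx(data: bytes) -> list[str]:
    """Return one finding per external relationship that either points an
    embedded OLE object at a remote URL or references ms-msdt: directly."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter(REL_NS + "Relationship"):
                if rel.get("TargetMode") != "External":
                    continue  # internal parts (styles.xml etc.) are normal
                target = rel.get("Target", "")
                if rel.get("Type") == OLE_REL_TYPE and REMOTE_URL.match(target):
                    findings.append(f"{name}: OLE object fetched from {target}")
                elif MSDT_SCHEME.search(target):
                    findings.append(f"{name}: ms-msdt: handler referenced in {target}")
    return findings


def scan_html(text: str) -> bool:
    """True if a fetched HTML page tries to hand off to the ms-msdt: handler."""
    return MSDT_SCHEME.search(text) is not None


def build_docx(rels_xml: str) -> bytes:
    """Build a minimal, constructed .docx containing only the parts scanned."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<document/>")
        z.writestr("word/_rels/document.xml.rels", rels_xml)
    return buf.getvalue()


RELS_HEAD = ('<?xml version="1.0" encoding="UTF-8"?>'
             '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">')

# Constructed benign document: a single internal relationship to styles.xml.
BENIGN = build_docx(
    RELS_HEAD
    + '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
      'officeDocument/2006/relationships/styles" Target="styles.xml"/>'
    + "</Relationships>")

# Constructed suspicious document: an OLE object linked to a remote page.
SUSPICIOUS = build_docx(
    RELS_HEAD
    + f'<Relationship Id="rId5" Type="{OLE_REL_TYPE}" '
      'Target="http://example.invalid/page.html!" TargetMode="External"/>'
    + "</Relationships>")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_docx(doc) or "no findings")
```

Legitimate documents almost never link an OLE object to a remote HTTP URL, so the first check is a high-signal indicator on its own; the ms-msdt: check catches the redirect page when it is inspected separately (for example from a proxy log or a sandbox capture).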
CVE-2022-30136 - Windows Network File System Remote Code Execution Vulnerability
This vulnerability could allow a remote, unauthenticated attacker to execute privileged code on affected systems running the NFS server role. Microsoft notes that only NFSv4.1 is affected (NFSv2.0 and NFSv3.0 are not exploitable), so disabling NFSv4.1 is an interim mitigation where v4.1 clients can be spared until the patch is deployed. Organisations running NFS should prioritise testing and deploying this fix.
CVE-2022-24436 - Hertzbleed
Hertzbleed is a side-channel attack that abuses dynamic voltage and frequency scaling (DVFS): under DVFS the CPU clock frequency depends on the data being processed, which turns what would otherwise be a power side channel into a timing side channel that can be measured remotely, even against constant-time code. It affects a wide range of CPUs, including Intel processors (tracked as CVE-2022-24436) and AMD desktop, mobile and server chips (tracked by AMD as CVE-2022-23823).
A successful attack can allow an attacker to extract cryptographic keys from remote servers.
CVE-2022-30147 - Windows Installer Elevation of Privilege Vulnerability
Microsoft rates this bug as "Exploitation More Likely". Local privilege escalation of this kind is routinely chained after initial access to gain higher privileges on a compromised host.
CVE-2022-30148 - Windows Desired State Configuration (DSC) Information Disclosure Vulnerability
An attacker could use this to recover plaintext usernames and passwords from DSC log files, and then use those credentials to move laterally within the network.
Organisations using DSC should prioritise testing and deploying this fix.
Recommended Actions
The CCB recommends installing the updates on vulnerable devices with the highest priority, after thorough testing.